Learn Setting Up Teamspeak 3 on Debian Wheezy

April 19, 2019

Table of Contents

    This article will show you how to run a Teamspeak 3 server under Debian Wheezy. Before you can start with it, you should do some preparation on your VPS.

    If you already have a firewall in place, make sure that traffic to the Teamspeak server is allowed by adding the following rules:

    iptables -A INPUT -p udp --dport 9987 -j ACCEPT
    iptables -A INPUT -p udp --sport 9987 -j ACCEPT
    iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
    iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
    iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
    iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
    

    Otherwise, here is a basic list of rules that allows SSH and ICMP traffic (as well as traffic for Teamspeak of course) and drops everything else, IPv4 and IPv6:

    iptables -A INPUT -i lo -j ACCEPT # Since a lot of interprocess-communication goes over the loopback-interface you should allow it to avoid very, very weird and difficult problems
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept packets that respond to outgoing requests
    iptables -A INPUT -p icmp -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p udp --dport 9987 -j ACCEPT
    iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
    iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
    iptables -P INPUT DROP # DROP everything else
    
    ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ip6tables -A INPUT -p icmpv6 -j ACCEPT
    ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
    ip6tables -A INPUT -p udp --dport 9987 -j ACCEPT
    ip6tables -A INPUT -p tcp --dport 30033 -j ACCEPT
    ip6tables -A INPUT -p tcp --dport 10011 -j ACCEPT
    ip6tables -P INPUT DROP
    

    After spinning up your server, login as root. While permanently working as root is generally frowned upon by the internet community, it also has serious implications for the security of your server. According to the Internet Storm Center 90% of all brute-force attacks on SSH are targeting the root-account. There are hundreds if not thousands of automated scans out there trying to break into servers with weak administrative passwords – so it’s definitely a good idea to use a separate user in combination with sudo.

    First, add another user and give it a strong password:

    useradd -m -s /bin/bash yourusername
    passwd yourusername
    

    Next, edit /etc/sudoers to allow yourself to use it:

    yourusername    ALL=(ALL:ALL) ALL
    

    Then, logout and log back into the machine with your new user. You can then disable root login in /etc/ssh/sshd_config:

    PermitRootLogin no
    AllowUsers yourusername
    

    https://www.itweb.services/tutorials/linux-guides/how-do-i-generate-ssh-keys”>this tutorial. Congratulations, you saved yourself from over 90% of attackers out there. Now, onto installing the Teamspeak server.

    It is bad practice to run a service as root, so create a user solely for Teamspeak:

    sudo useradd -m -s /bin/bash teamspeak
    

    Afterwards, log into that user account and switch to the home directory:

    sudo su teamspeak
    cd
    

    Download Teamspeak. Depending on your architecture, you will need either the x64 version:

    wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-amd64-3.0.11.1.tar.gz
    

    Or the x86 version:

    wget http://dl.4players.de/ts/releases/3.0.11.1/teamspeak3-server_linux-x86-3.0.11.1.tar.gz
    

    Unpack the downloaded archive:

    tar -xzvf *.tar.gz && rm *.tar.gz
    

    Now, you have a folder named teamspeak3-server_linux-amd64 with some scripts in it. Switch back to your normal user:

    exit
    

    Setup a script to automatically start your server after a reboot. This script also easily stops or restarts the Teamspeak service. Paste the following into /etc/init.d/teamspeak:

    #!/bin/sh
    ### BEGIN INIT INFO
    # Provides: teamspeak
    # Required-Start: $local_fs $network
    # Required-Stop: $local_fs $network
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Description: Teamspeak 3 Server
    ### END INIT INFO
    
    USER="teamspeak"
    DIR="/home/teamspeak/teamspeak3-server_linux-amd64"
    ###### Teamspeak 3 server start/stop script ######
    case "$1" in
    start)
    su $USER -c "$DIR/ts3server_startscript.sh start"
    ;;
    stop)
    su $USER -c "$DIR/ts3server_startscript.sh stop"
    ;;
    restart)
    su $USER -c "$DIR/ts3server_startscript.sh restart"
    ;;
    status)
    su $USER -c "$DIR/ts3server_startscript.sh status"
    ;;
    *)
    echo "Usage: " >&2
    exit 1
    ;;
    esac
    exit 0
    

    Make that file executable:

    sudo chmod 700 /etc/init.d/teamspeak
    

    Now, make Teamspeak start at boot:

    sudo update-rc.d teamspeak defaults
    

    All that’s left is to start the service:

    sudo service teamspeak start
    

    Happy chatting!

    Need help?

    Do you need help setting up this on your own service?
    Please contact us and we’ll provide you the best possible quote!